Upgrade libssh2 to 1.11.0

libssh2/src/crypt.c

@@ -38,14 +38,23 @@
 
 #include "libssh2_priv.h"
 
-#ifdef LIBSSH2_CRYPT_NONE
-
+#if defined(LIBSSH2DEBUG) && defined(LIBSSH2_CRYPT_NONE_INSECURE)
 /* crypt_none_crypt
- * Minimalist cipher: VERY secure *wink*
+ * Minimalist cipher: no encryption. DO NOT USE.
+ *
+ * The SSH2 Transport allows for unencrypted data transmission using
+ * the "none" cipher.  Because this is such a huge security hole, it is
+ * typically disabled on SSH2 implementations and is disabled in libssh2
+ * by default as well.
+ *
+ * Enabling this option will allow for "none" as a negotiable method,
+ * however it still requires that the method be advertised by the remote
+ * end and that no more-preferable methods are available.
+ *
  */
 static int
 crypt_none_crypt(LIBSSH2_SESSION * session, unsigned char *buf,
-                         void **abstract)
+                 void **abstract, int firstlast)
 {
     /* Do nothing to the data! */
     return 0;
@@ -62,7 +71,7 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_none = {
     crypt_none_crypt,
     NULL
 };
-#endif /* LIBSSH2_CRYPT_NONE */
+#endif /* defined(LIBSSH2DEBUG) && defined(LIBSSH2_CRYPT_NONE_INSECURE) */
 
 struct crypt_ctx
 {
@@ -97,12 +106,12 @@ crypt_init(LIBSSH2_SESSION * session,
 
 static int
 crypt_encrypt(LIBSSH2_SESSION * session, unsigned char *block,
-              size_t blocksize, void **abstract)
+              size_t blocksize, void **abstract, int firstlast)
 {
     struct crypt_ctx *cctx = *(struct crypt_ctx **) abstract;
     (void) session;
     return _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block,
-                                 blocksize);
+                                 blocksize, firstlast);
 }
 
 static int
@@ -117,6 +126,34 @@ crypt_dtor(LIBSSH2_SESSION * session, void **abstract)
     return 0;
 }
 
+#if LIBSSH2_AES_GCM
+static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_gcm = {
+    "aes256-gcm@openssh.com",
+    "",
+    16,                         /* blocksize */
+    12,                         /* initial value length */
+    32,                         /* secret length -- 32*8 == 256bit */
+    LIBSSH2_CRYPT_FLAG_INTEGRATED_MAC | LIBSSH2_CRYPT_FLAG_PKTLEN_AAD,
+    &crypt_init,
+    &crypt_encrypt,
+    &crypt_dtor,
+    _libssh2_cipher_aes256gcm
+};
+
+static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_gcm = {
+    "aes128-gcm@openssh.com",
+    "",
+    16,                         /* blocksize */
+    12,                         /* initial value length */
+    16,                         /* secret length -- 16*8 == 128bit */
+    LIBSSH2_CRYPT_FLAG_INTEGRATED_MAC | LIBSSH2_CRYPT_FLAG_PKTLEN_AAD,
+    &crypt_init,
+    &crypt_encrypt,
+    &crypt_dtor,
+    _libssh2_cipher_aes128gcm
+};
+#endif
+
 #if LIBSSH2_AES_CTR
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_ctr = {
     "aes128-ctr",
@@ -158,7 +195,7 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_ctr = {
 };
 #endif
 
-#if LIBSSH2_AES
+#if LIBSSH2_AES_CBC
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = {
     "aes128-cbc",
     "DEK-Info: AES-128-CBC",
@@ -212,7 +249,7 @@ static const LIBSSH2_CRYPT_METHOD
     &crypt_dtor,
     _libssh2_cipher_aes256
 };
-#endif /* LIBSSH2_AES */
+#endif /* LIBSSH2_AES_CBC */
 
 #if LIBSSH2_BLOWFISH
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_blowfish_cbc = {
@@ -260,7 +297,8 @@ crypt_init_arcfour128(LIBSSH2_SESSION * session,
         size_t discard = 1536;
         for(; discard; discard -= 8)
             _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block,
-                                  method->blocksize);
+                                  method->blocksize, MIDDLE_BLOCK);
+                               /* Not all middle, but here it doesn't matter */
     }
 
     return rc;
@@ -310,18 +348,24 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = {
 };
 #endif
 
+/* These are the crypt methods that are available to be negotiated. Methods
+   towards the start are chosen in preference to ones further down the list. */
 static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
+#if LIBSSH2_AES_GCM
+    &libssh2_crypt_method_aes256_gcm,
+    &libssh2_crypt_method_aes128_gcm,
+#endif /* LIBSSH2_AES_GCM */
 #if LIBSSH2_AES_CTR
-  &libssh2_crypt_method_aes128_ctr,
-  &libssh2_crypt_method_aes192_ctr,
-  &libssh2_crypt_method_aes256_ctr,
-#endif /* LIBSSH2_AES */
-#if LIBSSH2_AES
+    &libssh2_crypt_method_aes256_ctr,
+    &libssh2_crypt_method_aes192_ctr,
+    &libssh2_crypt_method_aes128_ctr,
+#endif /* LIBSSH2_AES_CTR */
+#if LIBSSH2_AES_CBC
     &libssh2_crypt_method_aes256_cbc,
     &libssh2_crypt_method_rijndael_cbc_lysator_liu_se,  /* == aes256-cbc */
     &libssh2_crypt_method_aes192_cbc,
     &libssh2_crypt_method_aes128_cbc,
-#endif /* LIBSSH2_AES */
+#endif /* LIBSSH2_AES_CBC */
 #if LIBSSH2_BLOWFISH
     &libssh2_crypt_method_blowfish_cbc,
 #endif /* LIBSSH2_BLOWFISH */
@@ -335,7 +379,7 @@ static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
 #if LIBSSH2_3DES
     &libssh2_crypt_method_3des_cbc,
 #endif /*  LIBSSH2_DES */
-#ifdef LIBSSH2_CRYPT_NONE
+#if defined(LIBSSH2DEBUG) && defined(LIBSSH2_CRYPT_NONE_INSECURE)
     &libssh2_crypt_method_none,
 #endif
     NULL